Clipping chips, health care phishing and USIS selling off
News and notes from around the federal IT community.
NIST to bid farewell to the Clipper chip
The National Institute of Standards and Technology is planning to withdraw six Federal Information Processing Standards from its roster because of their obsolescence or lack of support from developers, according to a Jan. 16 notice in the Federal Register.
The standards are FIPS 181, an automated password generator; FIPS 185, an escrowed encryption standard; FIPS 188, a security label for information transfer; FIPS 190, for use with advanced authentication; FIPS 191, which analyses local-area network security; and FIPS 196, for entity authentication using public-key cryptography.
FIPS 185, released during the Clinton administration, is based on a secret encryption algorithm called Skipjack that the National Security Agency began developing in 1985. The goal was to hardwire an encryption standard into computers, communications networks and devices on a so-called Clipper chip that would be accessible to law enforcement agencies conducting lawful electronic surveillance.
The system never caught on in the private sector and, according to the Federal Register notice, "is no longer approved to protect sensitive government information."
DHS warns of 'Obama care' phishing
The Department of Homeland Security's cybersecurity emergency team has issued a warning about a scam that uses the 2010 health care law as a stalking horse.
A Jan. 15 warning from DHS' U.S. Computer Emergency Readiness Team (US-CERT) said a phishing campaign is using email messages purporting to come from a federal agency and referencing the health care law in the subject line. The messages claim to direct recipients to health coverage information but instead send them to sites that attempt to elicit private information or install malicious code.
US-CERT reminded recipients of the usual precautions that should be taken to stay safe online, such as not following links or downloading attachments in unsolicited email messages and using up-to-date antivirus software.
Troubled USIS finds buyer for Global Security business
U.S. Investigations Services is selling its Global Security and Solutions division to PAE, Washington Technology reports.
Terms of the deal were not disclosed, but the Global Security and Solutions business was essentially all that remained of USIS after the Office of Personnel Management canceled the firm's contracts for background investigations.
USIS laid off more than 2,000 people when it shut down those operations. The Global Security and Solutions division -- whose services include litigation support, biometric capture and enrollment, training, and other security-related services -- remained in business and will bring about 1,900 employees to PAE.
But the business also lost a $210 million contract after the Government Accountability Office ruled that the Department of Homeland Security did not properly determine that USIS was a "responsible contractor."
NEXT STORY: Ending the tyranny of passwords